emotet

General

Target

76288b03aada28f313d41a8856e42320372dfc03b255335b3d8c0427cb01c4a1.doc
Size

175KB
Sample

200128-q3x26qlz9e
MD5

6b8d7c69ccacc9c90b4909137d3c50ff
SHA1

0b21bd675839edc8e12b2fe5acdf63e6e92bd3ed
SHA256

76288b03aada28f313d41a8856e42320372dfc03b255335b3d8c0427cb01c4a1
SHA512

d8fb29105f6c25c0da4375f8c6a45c2709adc8da6f9828f1c155967ec66975a4493fc4dda6886574841192fe9e656b37352acf1923cd3a079f070e80f7e203bf

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://earlingramjr.com/wp-admin/jMVDLv8/

exe.dropper

http://empower4talent.com/calendar/uf475/

exe.dropper

http://emyrs-eg.lehmergroup.com/YaePG8Heh9/

exe.dropper

http://expressdocuments.org/egxoii/fO852/

exe.dropper

http://fastagindia.hapus.app/cgi-bin/IJ/

Extracted

Family

emotet

Botnet

Epoch1

C2

70.184.112.55:80

5.34.158.102:80

144.139.91.187:80

12.162.84.2:8080

72.47.209.128:80

74.50.51.115:7080

184.172.27.82:8080

202.62.39.111:80

181.10.204.106:80

91.72.179.214:80

203.130.0.69:80

189.201.197.98:8080

201.213.32.59:80

204.225.249.100:7080

212.71.237.140:8080

94.176.234.118:443

201.213.100.141:8080

31.16.195.72:80

185.94.252.12:80

146.255.96.214:443

rsa_pubkey.plain

Targets

- Target
  
  76288b03aada28f313d41a8856e42320372dfc03b255335b3d8c0427cb01c4a1.doc
- Size
  
  175KB
- MD5
  
  6b8d7c69ccacc9c90b4909137d3c50ff
- SHA1
  
  0b21bd675839edc8e12b2fe5acdf63e6e92bd3ed
- SHA256
  
  76288b03aada28f313d41a8856e42320372dfc03b255335b3d8c0427cb01c4a1
- SHA512
  
  d8fb29105f6c25c0da4375f8c6a45c2709adc8da6f9828f1c155967ec66975a4493fc4dda6886574841192fe9e656b37352acf1923cd3a079f070e80f7e203bf
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1